Skip to main content
Kubernetes Made Easy! Instantly spin up best-practice clusters with GetInfra templates. Browse Now

Working with Identity Server Local Apis

Some background: The Identity Server is powerful fully customizable authentication and authorization solution. I'm using it for last two years in my projects. It is cool system and most times works out of the box however, in some scenarios an cause a lot of troubles.

The official example can be found here Adding Apis. It's a good working example if you settings up Identity Server from scratch. However, in my case, I have to migrate existing endpoints from another application to existing Identity Server, which gives me no option to run the seeding data procedure(?).

To enable token validation for local API we just need to add the following to Startup.cs:

services.AddLocalApiAuthentication();

That was the easy part, now let's what is the tricky part: LocalApi schema is using IdentityServerApi scope. It is not added by default and need to be added manually in my case.

  1. Create the API Resource for your local API
INSERT  [dbo].[ApiResources] ([Enabled], [Name], [DisplayName], [Created], [NonEditable])
VALUES (1, 'apiAuth', 'Auth API', GETDATE(), 0)
  1. Create new API scope
INSERT [dbo].[ApiScopes] ([Name], [DisplayName], [Description], [Required], [Emphasize], [ShowInDiscoveryDocument], [ApiResourceId])
VALUES ('IdentityServerApi', 'Auth API', null, 0, 0, 1, <here comes the is from #1>)
  1. Add IdentityServerApi to client scopes:
INSERT [dbo].[ClientScopes] ([Scope], [ClientId])
VALUES ('IdentityServerApi', <clientId assuming you have one>)

To the full gist

Share this article

About the Author

Alexander Lvovich

Alexander Lvovich

Solution Architect & Software Developer | Automating & Scaling Infrastructure

💡 Working with Kubernetes, Istio, and DevOps. Got questions? Feel free to reach out!


No comments are allowed for this post